Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3204

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-3204
Last Modified 17 Sep 2009 12:00:00
Published 16 Sep 2009 01:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3204

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.

Vulnerable Systems

Application

  • Stivaforum Stiva Forum 1.0


References

XF - stivaforum-forum-xss(52613)

SECUNIA - 36409

MISC - http://packetstormsecurity.org/0908-exploits/stivaforum-xss.txt

OSVDB - 57178

OSVDB - 57177


Last Updated: 27 May 2016 10:51:10